Some of the tools promoted by the gang on GitHub are a Discord spammer, a Nitro generator, a password stealer, a Discord token grabber, and a Discord webhook hiding module.

The Python code turned out to be a modified version of the open-source token logger Volt Stealer, while the novel JavaScript malware–dubbed “LofyStealer”–was created to infect Discord ...

In addition to malicious npm packages, LofyGang distributes malicious hacking tools on GitHub. Similar to the npm packages, the hacking tools tend to be Discord-related.

The purpose of the campaign appears to be to steal Discord tokens and users’ card data. “The Python malware is a modified version of an open source token logger called Volt Stealer. It is intended to ...

Malicious npm packages are stealing Discord tokens JFrog researchers found 17 malicious packages that intentionally seek to attack and steal a user's site credentials.

The PyPl package "discordcmd", for example, attacks the Discord Windows client via a backdoor downloaded from GitHub and installed on the Discord app to steal Discord tokens.

A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply ...